25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

63,500 Patients Impacted by Middletown Medical Data Breach

Posted By on Apr 11, 2018

A misconfigured security setting on a radiology interface has resulted in the exposure of tens of thousands of patients’ protected health information.

Middletown Medical, a multi-specialty physicians’ group based in Middleton, NY, discovered the misconfigured security setting on January 29, 2018.

The following day the interface was secured to ensure unauthorized individuals were prevented from accessing patient information. It is unclear for how long patient data was accessible. Middletown Medical says only a limited number of patients’ PHI could have been accessed by unauthorized individuals.

Highly sensitive information such as financial data, Social Security numbers, and insurance information were not exposed. The breach was limited to names, client identification numbers, birth dates, confirmation that radiology services had been received by patients, and the dates those services were provided. A limited number of patients also had diagnosis codes, radiology images, and radiology reports exposed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The discovery of the error prompted Middletown Medical to review its polices and procedures and implement additional safeguards to ensure the confidentiality of documents containing PHI. Additional training has been provided to staff on securing information systems and modifications have been made to interfaces to ensure all information remains secure.

No reports of misuse of PHI have been received although, out of an abundance of caution, all patients impacted by the breach have been offered complimentary identity theft recovery services for 12 months and have been advised to carefully review their account statements and Explanation of Benefits statements for any sign or fraudulent activity.

The data breach summary submitted to the Department of Health and Human Services’ Office for Civil Rights indicates up to 63,551 patients had their PHI exposed, making this one of the largest healthcare security incidents to be reported so far this year.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist